From 9ef83174ba1869a7ea45361fe25b0efa26abb237 Mon Sep 17 00:00:00 2001
From: Peter Bacsko <bacskop@gmail.com>
Date: Fri, 6 Dec 2024 13:57:03 +0100
Subject: [PATCH] [YUNIKORN-2990] Add support for securityContext in the helm
 charts (#184)

Closes: #184

Signed-off-by: Peter Bacsko <bacskop@gmail.com>
---
 .../templates/admission-controller-deployment.yaml   |  8 ++++++++
 helm-charts/yunikorn/templates/deployment.yaml       | 12 ++++++++++++
 helm-charts/yunikorn/values.yaml                     |  5 +++++
 3 files changed, 25 insertions(+)

diff --git a/helm-charts/yunikorn/templates/admission-controller-deployment.yaml b/helm-charts/yunikorn/templates/admission-controller-deployment.yaml
index 6e08cce..9e9973c 100644
--- a/helm-charts/yunikorn/templates/admission-controller-deployment.yaml
+++ b/helm-charts/yunikorn/templates/admission-controller-deployment.yaml
@@ -51,6 +51,10 @@ spec:
         {{- toYaml . | nindent 8 }}
         {{- end }}
     spec:
+      {{- with .Values.admissionPodSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- if .Values.admissionController.hostNetwork }}
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
@@ -88,6 +92,10 @@ spec:
             limits:
               cpu: {{ .Values.admissionController.resources.limits.cpu }}
               memory: {{ .Values.admissionController.resources.limits.memory }}
+          {{- with .Values.admissionContainerSecurityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           volumeMounts:
             - name: admission-controller-secrets
               mountPath: /run/secrets/webhook
diff --git a/helm-charts/yunikorn/templates/deployment.yaml b/helm-charts/yunikorn/templates/deployment.yaml
index 2fbfe40..aecbbf3 100644
--- a/helm-charts/yunikorn/templates/deployment.yaml
+++ b/helm-charts/yunikorn/templates/deployment.yaml
@@ -49,6 +49,10 @@ spec:
         {{- toYaml . | nindent 8 }}
         {{- end }}
     spec:
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- if .Values.hostNetwork }}
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
@@ -95,6 +99,10 @@ spec:
                   fieldPath: metadata.namespace
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+          {{- with .Values.schedulerSecurityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
         {{- if .Values.enableWebService }}
         - name: yunikorn-scheduler-web
           image: "{{ .Values.web.image.repository }}:{{ .Values.web.image.tag }}"
@@ -105,4 +113,8 @@ spec:
               protocol: TCP
           resources:
             {{- toYaml .Values.web.resources | nindent 12 }}
+          {{- with .Values.webSecurityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
         {{- end }}
diff --git a/helm-charts/yunikorn/values.yaml b/helm-charts/yunikorn/values.yaml
index 19a5127..f5a1b26 100644
--- a/helm-charts/yunikorn/values.yaml
+++ b/helm-charts/yunikorn/values.yaml
@@ -128,3 +128,8 @@ enableWebService: true
 
 podLabels: {}
 podAnnotations: {}
+podSecurityContext: {}
+schedulerSecurityContext: {}
+webSecurityContext: {}
+admissionPodSecurityContext: {}
+admissionContainerSecurityContext: {}